A Document was sent to you using a XEROX WorkJet OP578636.
SENT BY : JIN
IMAGES : 1
FORMAT (.JPEG) DOWNLOAD
The malicious payload is at [donotclick]mirdymas.ru:8080/forum/showthread.php?page=5fa58bce769e5c2 (report here) hosted on the following familiar IP addresses:
184.108.40.206 (Amazon, Ireland)
220.127.116.11 (Cloudaccess.net, US)
18.104.22.168 (Myren, Malaysia)
Blocking access to these IPs will prevent other malicious sites on the same servers from being a problem.
Leave a reply